libpng Progressive Display Image Reading Overflow

2004-08-04T00:00:00
ID OSVDB:8316
Type osvdb
Reporter Chris Evans(chris@scary.beasts.org)
Modified 2004-08-04T00:00:00

Description

Vulnerability Description

A potential local integer overflow exists in libpng. The library function png_push_read_chunk contains code that might be susceptible to integer overflows. It is currently unknown how dangerous this code might be. With a specially crafted request, an attacker might cause crashes or execution of code resulting in a loss of availability.

Technical Description

According to the vulnerability discoverer, the severity of issue is unknown. Might be difficult to exploit, if at all.

Solution Description

Upgrade to version 1.2.6 release candidate 1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. Users of the older 1.0 series should upgrade to libpng-1.0.16 release candidate 1 or higher.

Short Description

A potential local integer overflow exists in libpng. The library function png_push_read_chunk contains code that might be susceptible to integer overflows. It is currently unknown how dangerous this code might be. With a specially crafted request, an attacker might cause crashes or execution of code resulting in a loss of availability.

References:

Vendor URL: http://www.imagemagick.org/ Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL US-CERT Cyber Security Alert: TA04-217A Security Tracker: 1010854 Secunia Advisory ID:12222 Secunia Advisory ID:12810 Secunia Advisory ID:13341 Secunia Advisory ID:22958 Secunia Advisory ID:12221 Secunia Advisory ID:12219 Secunia Advisory ID:12223 Secunia Advisory ID:12232 Secunia Advisory ID:12240 Secunia Advisory ID:12248 Secunia Advisory ID:15432 Secunia Advisory ID:17645 Secunia Advisory ID:22957 Secunia Advisory ID:12220 Secunia Advisory ID:12234 Secunia Advisory ID:12249 Secunia Advisory ID:12283 Secunia Advisory ID:12354 Secunia Advisory ID:13291 Related OSVDB ID: 8313 Related OSVDB ID: 8326 Related OSVDB ID: 8312 Related OSVDB ID: 8314 Related OSVDB ID: 8315 RedHat RHSA: RHSA-2004:402-08 RedHat RHSA: RHSA-2004:421-17 Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:082 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200408-22.xml Other Advisory URL: http://scary.beasts.org/security/CESA-2004-001.txt Other Advisory URL: http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01063 Other Advisory URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57617 Other Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57683-1 Other Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.25/SCOSA-2005.25.txt Other Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.16/SCOSA-2004.16.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0026.html Keyword: SCOSA-2005.49 ISS X-Force ID: 10925 CVE-2004-0599 CIAC Advisory: o-192 CERT VU: 477512 CERT VU: 160448 CERT VU: 286464